What is X-bash? A look at the all-in-one malware threat

Following on from headline claiming malware like Petya, NotPetya and WannaCry, a new threat to computer users has emerged in the form of an all-in-one malware called X-bash.

What is X-Bash?

Researchers at Palo Alto Networks have named this new form of malware X-bash. They claim it combines bot net, cryptocurrency mining software and ransomware in one singular worm that specifically targets users of Linux and Windows.

Who created it?

The researchers, named ‘Unit 42’, have claimed that the malware can be tied to a collective known as the Iron Group (aka Rocke), who are known to be behind numerous other ransomware attacks.

What dangers does it pose?

The first point to note is X-bash’s botnet module. This is the prime method the malware utilizes to infect new Windows and Linux systems. It searches for unpatched security holes to get on to a server and can also brute-force several web servers.

It also contains a worm which, while it is said to be currently inactive, does have the ability to generate a list of IP addresses on the same network it has infected and test to see if ports are open.

Finally, X-bash also contains two modules which are used to extort money from the infected system’s user. The ransomware module attacks Linux servers, it looks for databases, destroys them and then leaves a ransom note which asks the user to pay a financial sum through an anonymous cryptocurrency payment. Similarly, X-bash contains a cryptominer which is deployed to Windows servers.

Worryingly, the team at Palo Alto Networks who discovered the threat have said that they have found no evidence that X-bash contains any capabilities of restoration, meaning that even if victims pay their ransom, it is unlikely they will ever have their data restored by the hackers.

How to protect your business

Businesses, organisations and individuals can protect their data by using strong passwords, keeping their patches up-to-date, using endpoint security on their systems, preventing access to unknown hosts on their servers and implementing a regular routine of data backups to prepare for the worst-case scenario.

Here at ECL we have extensive experience in protecting businesses against the latest malware, computer hacks, viruses, spam, phishing scams and other threats and can advise you on the best methods of protecting your business. We can also help businesses to update their systems to run the latest and most secure version of Windows available. For more information please, please call us on 01268 575300 or email us on info@ecl.co.uk.